Vulnerability Description
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Configuration Utility | 10.0.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0093.html (Exploit)
- http://osvdb.org/89447
- http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html (Vendor Advisory)
- http://www.securityfocus.com/bid/57496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81426
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122- (Exploit)
FAQ
What is CVE-2012-2997?
CVE-2012-2997 is a vulnerability with a CVSS score of 4.0 (MEDIUM). XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files v...
How severe is CVE-2012-2997?
CVE-2012-2997 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2997?
Check the references section above for vendor advisories and patch information. Affected products include: F5 BIG-IP Configuration Utility.